ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

remove empty when line

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

force kubeadm upgrade due to failure without --force flag

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

added nodeSelector to have compatibility with hybrid cluster with win nodes, also fix for download with missing container type

fixes in syntax and LF for newline in files

fix on yamllint check

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

some cleanup for innecesary lines

remove conditions for nodeselector
pull/3200/head
Pablo Estigarribia 2018-06-05 08:15:20 -03:00
parent 7efe287c74
commit 7cbe3c2171
19 changed files with 85 additions and 1 deletions

View File

@ -93,6 +93,7 @@
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}
- { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" } - { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
- { role: win_nodes/kubernetes_patch, tags: win_nodes, when: "kubeadm_enabled" }
- hosts: kube-master - hosts: kube-master
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"

View File

@ -52,3 +52,6 @@ spec:
- --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}} - --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
- --logtostderr=true - --logtostderr=true
- --v={{ kube_log_level }} - --v={{ kube_log_level }}
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux

View File

@ -24,6 +24,9 @@ spec:
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers: containers:
- name: dnsmasq - name: dnsmasq
image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}" image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"

View File

@ -136,6 +136,15 @@
msg: "{{available_packages}}" msg: "{{available_packages}}"
when: docker_task_result|failed when: docker_task_result|failed
# This is required to ensure any apt upgrade will not break kubernetes
- name: Set docker pin priority to apt_preferences on Debian family
template:
src: "apt_preferences.d/debian_docker.j2"
dest: "/etc/apt/preferences.d/docker"
owner: "root"
mode: 0644
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic)
- name: ensure service is started if docker packages are already present - name: ensure service is started if docker packages are already present
service: service:
name: docker name: docker

View File

@ -0,0 +1,3 @@
Package: docker-ce
Pin: version {{ docker_version }}.*
Pin-Priority: 1001

View File

@ -6,7 +6,6 @@
- facts - facts
- include_tasks: "gen_certs_{{ cert_management }}.yml" - include_tasks: "gen_certs_{{ cert_management }}.yml"
when:
tags: tags:
- etcd-secrets - etcd-secrets

View File

@ -28,6 +28,9 @@ spec:
labels: labels:
k8s-app: kubedns-autoscaler k8s-app: kubedns-autoscaler
spec: spec:
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Equal operator: Equal

View File

@ -27,6 +27,9 @@ spec:
annotations: annotations:
scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/critical-pod: ''
spec: spec:
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
tolerations: tolerations:
- key: "CriticalAddonsOnly" - key: "CriticalAddonsOnly"
operator: "Exists" operator: "Exists"

View File

@ -15,6 +15,9 @@ spec:
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers: containers:
- name: netchecker-agent - name: netchecker-agent
image: "{{ agent_img }}" image: "{{ agent_img }}"

View File

@ -13,6 +13,9 @@ spec:
app: netchecker-agent-hostnet app: netchecker-agent-hostnet
spec: spec:
hostNetwork: True hostNetwork: True
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
{% if kube_version | version_compare('v1.6', '>=') %} {% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
{% endif %} {% endif %}

View File

@ -29,6 +29,9 @@ spec:
spec: spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
serviceAccountName: efk serviceAccountName: efk
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers: containers:
- name: fluentd-es - name: fluentd-es
image: "{{ fluentd_image_repo }}:{{ fluentd_image_tag }}" image: "{{ fluentd_image_repo }}:{{ fluentd_image_tag }}"

View File

@ -42,3 +42,6 @@ spec:
requests: requests:
cpu: 10m cpu: 10m
memory: 20Mi memory: 20Mi
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux

View File

@ -121,6 +121,7 @@
--ignore-preflight-errors=all --ignore-preflight-errors=all
--allow-experimental-upgrades --allow-experimental-upgrades
--allow-release-candidate-upgrades --allow-release-candidate-upgrades
--force
register: kubeadm_upgrade register: kubeadm_upgrade
# Retry is because upload config sometimes fails # Retry is because upload config sometimes fails
retries: 3 retries: 3

View File

@ -12,6 +12,9 @@ spec:
{% if kube_version | version_compare('v1.6', '>=') %} {% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
{% endif %} {% endif %}
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers: containers:
- name: kube-proxy - name: kube-proxy
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}

View File

@ -7,6 +7,9 @@ metadata:
k8s-app: kube-nginx k8s-app: kube-nginx
spec: spec:
hostNetwork: true hostNetwork: true
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers: containers:
- name: nginx-proxy - name: nginx-proxy
image: {{ nginx_image_repo }}:{{ nginx_image_tag }} image: {{ nginx_image_repo }}:{{ nginx_image_tag }}

View File

@ -53,6 +53,9 @@ spec:
k8s-app: flannel k8s-app: flannel
spec: spec:
serviceAccountName: flannel serviceAccountName: flannel
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers: containers:
- name: kube-flannel - name: kube-flannel
image: {{ flannel_image_repo }}:{{ flannel_image_tag }} image: {{ flannel_image_repo }}:{{ flannel_image_tag }}

View File

@ -0,0 +1,3 @@
---
kubernetes_user_manifests_path: "{{ ansible_env.HOME }}/kube-manifests"

View File

@ -0,0 +1 @@
{"spec":{"template":{"spec":{"nodeSelector":{"beta.kubernetes.io/os":"linux"}}}}}

View File

@ -0,0 +1,34 @@
---
- name: Ensure that user manifests directory exists
file:
path: "{{ kubernetes_user_manifests_path }}/kubernetes"
state: directory
recurse: yes
tags: [init, cni]
- name: Apply kube-proxy nodeselector
block:
- name: Copy kube-proxy daemonset nodeselector patch
copy:
src: nodeselector-os-linux-patch.json
dest: "{{ kubernetes_user_manifests_path }}/nodeselector-os-linux-patch.json"
# Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch"
- name: Check current nodeselector for kube-proxy daemonset
shell: kubectl get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta\.kubernetes\.io/os}'
register: current_kube_proxy_state
- name: Apply nodeselector patch for kube-proxy daemonset
shell: kubectl patch ds kube-proxy --namespace=kube-system --type=strategic -p "$(cat nodeselector-os-linux-patch.json)"
args:
chdir: "{{ kubernetes_user_manifests_path }}"
register: patch_kube_proxy_state
when: current_kube_proxy_state.stdout | trim | lower != "linux"
- debug: msg={{ patch_kube_proxy_state.stdout_lines }}
when: patch_kube_proxy_state is not skipped
- debug: msg={{ patch_kube_proxy_state.stderr_lines }}
when: patch_kube_proxy_state is not skipped
tags: init